Export limit exceeded: 366786 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366786 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0330 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). | ||||
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2026-04-16 | N/A |
| Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2006-0334 | 1 Freekrai.net | 1 My Amazon Store Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher notification shows an XSS manipulation in "Keywords". | ||||
| CVE-2006-0335 | 1 Kerio | 1 Winroute Firewall | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. | ||||
| CVE-2006-0336 | 1 Kerio | 1 Winroute Firewall | 2026-04-16 | N/A |
| Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". | ||||
| CVE-2006-0337 | 1 F-secure | 4 F-secure Anti-virus, F-secure Internet Security, Internet Gatekeeper and 1 more | 2026-04-16 | N/A |
| Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives. | ||||
| CVE-2006-0338 | 1 F-secure | 4 F-secure Anti-virus, F-secure Internet Security, F-secure Personal Express and 1 more | 2026-04-16 | N/A |
| Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned. | ||||
| CVE-2006-0339 | 1 Bitcomet | 1 Bitcomet | 2026-04-16 | N/A |
| Buffer overflow in BitComet Client 0.60 allows remote attackers to execute arbitrary code, when the publisher's name link is clicked, via a long publisher URI in a torrent file. | ||||
| CVE-2006-0340 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. | ||||
| CVE-2006-0341 | 1 Rockliffe | 1 Mailsite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2006-0344 | 1 Intervations | 1 Filecopa | 2026-04-16 | N/A |
| Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands. | ||||
| CVE-2006-0345 | 1 Saral Kaushik | 1 Saralblog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058. | ||||
| CVE-2006-0346 | 1 Saral Kaushik | 1 Saralblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not properly handled in the comment function in functions.php. | ||||
| CVE-2006-0347 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL. | ||||
| CVE-2006-0348 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0349 | 1 Epic Designs | 1 Eggblog | 2026-04-16 | N/A |
| SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php. | ||||
| CVE-2006-0350 | 1 Epic Designs | 1 Eggblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote attackers to inject arbitrary web script or HTML via the message field to topic.php. | ||||
| CVE-2006-0352 | 1 Fluffington | 1 Flog | 2026-04-16 | N/A |
| The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected. | ||||
| CVE-2006-2842 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable | ||||
| CVE-2006-2945 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. | ||||